Header splitting Vulnerability in Mozilla Products

Post author:shashikant redekar
Post published:September 1, 2021
Post category:Cyber Security
Post comments:0 Comments

Original Issue Date: August 31, 2021

Severity Rating: HIGH

Software Affected

Mozilla Firefox versions prior to 91.0.1

Mozilla Firefox Thunderbird version prior to 91.0.1

Overview

A vulnerability has been reported in Mozilla products which could allow a remote attacker to perform header splitting attack against servers using HTTP/3.

Description

This vulnerability exists in Mozilla products due to incorrect acceptance of a newline in a HTTP/3 header, and interpreting it as two separate headers. A remote attacker could exploit this vulnerability using HTTP/3 Responses to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked.

Successful exploitation of the vulnerability could lead to header splitting attack (Improper Neutralization of CRLF Sequences in HTTP Headers) against servers using HTTP/3.

Solution

Upgrade to Mozilla Firefox versions prior to 91.0.1and Firefox Thunderbird version prior to 91.0.1

Please Share This Share this content

You Might Also Like

Elevation of Privilege Vulnerability in network d-dispatcher daemon of Linux

OGNL injection vulnerability in Confluence Server and Data Center

Multiple Vulnerabilities in Apache HTTP Server

Leave a Reply Cancel reply

Share this content